This chapter is from the book

This chapter covers the following topics that you need to master for the CCNP ISCW exam:

GRE Characteristics—Describes how generic routing encapsulation (GRE) can be used to encapsulate virtually any routed or routing protocol through an IP network

GRE Header—Describes the GRE header that defines what is carried inside the GRE tunnel

Basic GRE Configuration—Describes how to define the tunnel source, destination, mode, and contents

Secure GRE Tunnels—Describes how GRE and IPsec complement each other across the network

Configure GRE over IPsec Using SDM—Describes how SDM wizards permit easy configuration of GRE over IPsec

Generic routing encapsulation (GRE) tunnels have been around for quite some time. GRE was first developed by Cisco as a means to carry other routed protocols across a predominantly IP network. Some network administrators tried to reduce the administrative overhead in the core of their networks by removing all protocols except IP as a transport. As such, non-IP protocols such as IPX and AppleTalk were tunneled through the IP core via GRE.

GRE adds a new GRE header to the existing packet. This concept is similar to IPsec tunnel mode. The original packet is carried through the IP network, and only the new outer header is used for forwarding. Once the GRE packet reaches the end of the GRE tunnel, the external header is removed, and the internal packet is again exposed.
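The encapsulation just described, as an added example that is not from the book: it wraps a constructed inner IPv4 packet in a GRE header and a new outer IPv4 header, then strips both again at the tunnel end. The function names and addresses are assumptions made for the illustration; the field layout follows RFC 2784 and RFC 2890.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE Protocol Type value for an IPv4 payload

def checksum(header):
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header without options (hypothetical helper)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner, tunnel_src, tunnel_dst, key=None):
    """Prepend a GRE header and a new outer IPv4 header to `inner`."""
    flags = 0x2000 if key is not None else 0          # K bit: Key Present
    gre = struct.pack("!HH", flags, ETHERTYPE_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner

def gre_decapsulate(packet):
    """Strip outer IPv4 + GRE headers; return (info, inner packet)."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 4 or packet[9] != GRE_PROTO:
        raise ValueError("not a GRE packet")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset, key = ihl + 4, None
    if flags & 0x8000:                                # C bit: Checksum Present
        offset += 4                                   # checksum + reserved1
    if flags & 0x2000:                                # K bit: Key Present
        key = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    if flags & 0x1000:                                # S bit: Sequence Number Present
        offset += 4
    return {"protocol": proto, "key": key, "overhead": offset}, packet[offset:]

# Constructed sample: an inner IPv4 packet between two private hosts.
INNER = ipv4_header("10.1.1.1", "10.2.2.2", 1, 8) + b"\x08\x00" + b"\x00" * 6
```

The inner packet comes back byte for byte, which also shows that GRE by itself does not encrypt what it carries.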

Today, multiprotocol networks have mostly disappeared. It is difficult to find traces of the various protocols that used to be abundant throughout enterprise and core infrastructures. In a pure IP network, GRE was initially seen as a useless legacy protocol, but the growth of IPsec brought a rebirth in the use of GRE in IP networks. This chapter talks about the use of GRE in an IPsec environment.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide whether you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 15-question quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you to determine how to spend your limited study time.

Table 14-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of self-assessment. Giving yourself credit for an answer that you correctly guess skews your self-assessment results and might provide you with a false sense of security.

What is the minimum amount of additional header that GRE adds to a packet?

16 bytes

20 bytes

24 bytes

36 bytes

48 bytes

Which of the following are valid options in a GRE header (select all that apply)?

GRE Header Length

Checksum Present

Key Present

External Encryption

Protocol

What is the purpose of a GRE tunnel interface?

It is always the tunnel source interface.

It is always the tunnel destination interface.

It is where the protocol that travels through the tunnel is configured.

It is the interface that maps to the physical tunnel port.

It is not used today.

When IPsec transport mode is used, how many IP headers are found in the GRE over IPsec packet?

One—the original IP header is replicated when needed.

Two—the original IP header and the GRE IP header.

Two—the original IP header and the IPsec IP header.

Three—the original IP header, the GRE IP header, and the IPsec IP header.